chore: update SBOM for Python 3.9 (intel#3502)

Co-authored-by: GitHub <[email protected]>

Author: 2 people

sbom/cve-bin-tool-py3.9.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:49e5ab23-133b-4db2-9fa2-6bb79a50ff57",
+  "serialNumber": "urn:uuid:233d04b0-bdbb-4457-bac7-f220a1ddaf27",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-10-30T00:26:16Z",
+    "timestamp": "2023-11-06T00:25:57Z",
     "tools": {
       "components": [
         {
@@ -218,7 +218,7 @@
       "type": "library",
       "bom-ref": "7-charset-normalizer",
       "name": "charset-normalizer",
-      "version": "3.3.1",
+      "version": "3.3.2",
       "supplier": {
         "name": "Ahmed TAHRI",
         "contact": [
@@ -227,7 +227,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:*",
       "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
       "licenses": [
         {
@@ -239,12 +239,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/charset-normalizer/3.3.1",
+          "url": "https://pypi.org/project/charset-normalizer/3.3.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].1"
+      "purl": "pkg:pypi/[email protected].2"
     },
     {
       "type": "library",
@@ -544,7 +544,7 @@
       "type": "library",
       "bom-ref": "17-argcomplete",
       "name": "argcomplete",
-      "version": "3.1.2",
+      "version": "3.1.4",
       "supplier": {
         "name": "Andrey Kislyuk",
         "contact": [
@@ -553,7 +553,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.4:*:*:*:*:*:*:*",
       "description": "Bash tab completion for argparse",
       "licenses": [
         {
@@ -565,12 +565,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/argcomplete/3.1.2",
+          "url": "https://pypi.org/project/argcomplete/3.1.4",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].2",
+      "purl": "pkg:pypi/[email protected].4",
       "properties": [
         {
           "name": "License Comments",
@@ -1228,7 +1228,7 @@
       "type": "library",
       "bom-ref": "37-google-auth",
       "name": "google-auth",
-      "version": "2.23.3",
+      "version": "2.23.4",
       "supplier": {
         "name": "Google Cloud Platform",
         "contact": [
@@ -1237,7 +1237,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.23.3:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.23.4:*:*:*:*:*:*:*",
       "description": "Google Authentication Library",
       "licenses": [
         {
@@ -1249,12 +1249,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/google-auth/2.23.3",
+          "url": "https://pypi.org/project/google-auth/2.23.4",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].3",
+      "purl": "pkg:pypi/[email protected].4",
       "properties": [
         {
           "name": "License Comments",
@@ -1443,11 +1443,11 @@
       "type": "library",
       "bom-ref": "44-jsonschema",
       "name": "jsonschema",
-      "version": "4.19.1",
+      "version": "4.19.2",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.19.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.19.2:*:*:*:*:*:*:*",
       "description": "An implementation of JSON Schema validation for Python",
       "licenses": [
         {
@@ -1459,12 +1459,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/jsonschema/4.19.1",
+          "url": "https://pypi.org/project/jsonschema/4.19.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].1"
+      "purl": "pkg:pypi/[email protected].2"
     },
     {
       "type": "library",
@@ -1524,11 +1524,11 @@
       "type": "library",
       "bom-ref": "47-rpds-py",
       "name": "rpds-py",
-      "version": "0.10.6",
+      "version": "0.12.0",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.10.6:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.12.0:*:*:*:*:*:*:*",
       "description": "Python bindings to Rust's persistent data structures (rpds)",
       "licenses": [
         {
@@ -1540,12 +1540,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/rpds-py/0.10.6",
+          "url": "https://pypi.org/project/rpds-py/0.12.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/rpds-py@0.10.6"
+      "purl": "pkg:pypi/rpds-py@0.12.0"
     },
     {
       "type": "library",
@@ -2157,7 +2157,7 @@
       "type": "library",
       "bom-ref": "67-zstandard",
       "name": "zstandard",
-      "version": "0.21.0",
+      "version": "0.22.0",
       "supplier": {
         "name": "Gregory Szorc",
         "contact": [
@@ -2166,7 +2166,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.21.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.22.0:*:*:*:*:*:*:*",
       "description": "Zstandard bindings for Python",
       "licenses": [
         {
@@ -2178,12 +2178,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/zstandard/0.21.0",
+          "url": "https://pypi.org/project/zstandard/0.22.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/zstandard@0.21.0",
+      "purl": "pkg:pypi/zstandard@0.22.0",
       "properties": [
         {
           "name": "License Comments",

sbom/cve-bin-tool-py3.9.spdx

@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-156d1333-107b-45f2-9bab-245ab3e876cb
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-f6fb3e58-b97b-457f-b808-a1adf2ef6fc6
 LicenseListVersion: 3.21
 Creator: Tool: sbom4python-0.10.0
-Created: 2023-10-30T00:24:47Z
+Created: 2023-11-06T00:24:49Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -101,17 +101,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:*
 
 PackageName: charset-normalizer
 SPDXID: SPDXRef-Package-7-charset-normalizer
-PackageVersion: 3.3.1
+PackageVersion: 3.3.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Ahmed TAHRI ([email protected])
-PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.3.1
+PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.3.2
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: multidict
@@ -256,18 +256,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*
 
 PackageName: argcomplete
 SPDXID: SPDXRef-Package-17-argcomplete
-PackageVersion: 3.1.2
+PackageVersion: 3.1.4
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Andrey Kislyuk ([email protected])
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.1.2
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.1.4
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Bash tab completion for argparse</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.4:*:*:*:*:*:*:*
 ##### 
 
 PackageName: crcmod
@@ -566,18 +566,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
 
 PackageName: google-auth
 SPDXID: SPDXRef-Package-37-google-auth
-PackageVersion: 2.23.3
+PackageVersion: 2.23.4
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Google Cloud Platform ([email protected])
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.23.3
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.23.4
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Google Authentication Library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.23.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.23.4:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cachetools
@@ -672,17 +672,17 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected]
 
 PackageName: jsonschema
 SPDXID: SPDXRef-Package-44-jsonschema
-PackageVersion: 4.19.1
+PackageVersion: 4.19.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.19.1
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.19.2
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>An implementation of JSON Schema validation for Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.19.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/[email protected].2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.19.2:*:*:*:*:*:*:*
 ##### 
 
 PackageName: jsonschema-specifications
@@ -717,17 +717,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*
 
 PackageName: rpds-py
 SPDXID: SPDXRef-Package-47-rpds-py
-PackageVersion: 0.10.6
+PackageVersion: 0.12.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.10.6
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.12.0
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python bindings to Rust's persistent data structures (rpds)</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.10.6
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.10.6:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.12.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.12.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: lib4sbom
@@ -1022,18 +1022,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*
 
 PackageName: zstandard
 SPDXID: SPDXRef-Package-67-zstandard
-PackageVersion: 0.21.0
+PackageVersion: 0.22.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Gregory Szorc ([email protected])
-PackageDownloadLocation: https://pypi.org/project/zstandard/0.21.0
+PackageDownloadLocation: https://pypi.org/project/zstandard/0.22.0
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: BSD-3-Clause
 PackageLicenseComments: <text>zstandard declares BSD which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Zstandard bindings for Python</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.21.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.22.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.22.0:*:*:*:*:*:*:*
 ##### 
 
 Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-11-beautifulsoup4